Error in java code analysis with sonar-scanner

Goodnight.
Currently I have in the code analysis of 2 projects developed in JAVA:
1.- In the first project the analysis is made locally and at the end of the analysis the TIME OUT error message is displayed. Attached file (project # 1)
2.- In the second project, the analysis is also done locally with the sonarscanner but at the time of presenting the results on the main page of the SonarQube, only the analysis of a single language (xml) is presented, when the project is developed in java and xml. Attached file (project # 2)

The SonarQube version used is Enterprise Edition Version 7.9.1 (build 27448) with sonar-scanner-3.2.0.1227
Java projects are developed in Java Eclipse Oxygen
project#1.txt (34.7 KB) project#2.txt (31.5 KB)

Hi @Jorge_Lino,

Regarding your project #1, here’s my understanding:

  • As you noticed, the scan fails because the SonarScanner is unable to “blame” the source file to know which lines were changed because connectivity to your SVN does not seem to work.
  • Quick workaround is to disable SCM integration by passing in this parameter -D"sonar.scm.disabled=true". You’ll lose the metadata (date, author of commits, etc.) related to the file but it will get your analysis to continue.
  • To truly fix this issue, you need to figure out why SonarQube cannot access your SVN. You should check the Administration > General Settings > SCM > SVN section settings.

Regarding project #2:

  • I cannot easily tell why the Java file is not being analyzed nor recognized in your logs.

Here is my recommendation:

  • Update all of the SonarSource core plugins (the ones that say “Developed by SonarSource”) in the Administration > Marketplace, check that you have the latest versions with the Plugin Version Matrix
  • Instead of using the sonar-scanner CLI for your Java projects, you should use SonarScanner for Gradle or Maven. These SonarScanner wrappers are very similar to the sonar-scanner CLI, but they handle the parameters for sonar.java.binaries, sonar.sources, etc. without you having to set them. Check out the sonar-scanning-examples repo with examples of how the projects and files are structured.

Once you update your plugins, try running your sonar-scanner command again and see if you get the same errors. Has this every worked before? If it hasn’t, please try using SonarScanner for Gradle or Maven and scan again. If it fails, please provide the debug logs.

  • For Gradle, you can pass it inline: ./gradlew clean build sonarqube --debug
  • For Maven, you can pass it inline as well: ./mvn clean install sonar:sonar -X

Joe

Thanks Joe.
I comment:
The solution from the first project worked, now both projects (project # 1 and project # 2) have the same problem. I tried the recommendation you gave me for project # 2 it didn’t work.

Hi @Jorge_Lino,

Good: now we can proceed with focusing on a single issue now.

Please pass -D"sonar.verbose=true", rerun your scan analysis, and please attach the logs again.

Joe

Hi, Joe
I send you the requested files
thanks
project#1_2311.txt (31.0 KB) project#2_2311.txt (31.4 KB)

Hi @Jorge_Lino,

Thank you for updated logs. I still cannot see why the Java file is being ignored since it looks correct so far.

Can you provide a reproducer for me? It can be the entire Java project you have or just the files needed to recreate the problem, whichever is easier.

Joe

For reasons of company policy, I could not provide you with the java project or a video performing the analysis.
Does the .sonarscanner file that is generated in the analysis of the projects help you?
In any case, we spoke with the person who is executing the analysis and in the course of this week the analysis will be carried out on another machine to download that it is a computer problem.

@Jorge_Lino, thank you for the update. Can you confirm that the issue was a computer issue and the analysis now works on another computer?

One thing I forgot to suggest: add an exclusion for the .scannerwork folder in your project or the entire project in your antivirus software. Since you are on Windows, you may be using Windows defender or something like that. This may help prevent strange issues like what you encountered.

Joe

Hi Joe
I did the analysis on the other computer and it gave me the same problem; The strange thing about all this is that only those two projects have these problems, the others are fine (more than 100 projects analyzed)

Very strange, @Jorge_Lino. Those 2 projects are problematic for strange reasons. Can you confirm that you’ve updated all your plugins, especially SonarJava? Also, did you switch to a Gradle/Maven build tool so that you can use Sonar Scanner for Gradle/Maven instead of the plain Sonar Scanner CLI? Even if the conversion to Gradle/Maven didn’t work, this should be the preferred way, if there is no other reason, when scanning a Java project.

Let me suggest a few ideas:

  1. Create a whole new project since its just 2 files and just start all over. Don’t copy and paste any of those files. Start fresh.
  2. Create a whole new project and copy and paste the files into this new project.
  3. Repeat both of these suggestions on someone else’s computer then try scanning on your computer.

Joe